<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>fimap Package Description</h2>
<p style="text-align: justify;">fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s currently under heavy development but it’s usable.</p>
<p>Source: https://code.google.com/p/fimap/<br>
<a href="http://code.google.com/p/fimap/" variation="deepblue" target="blank">fimap Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/fimap.git;a=summary" variation="deepblue" target="blank">Kali fimap Repo</a></p>
<ul>
<li>Author: Iman Karim</li>
<li>License: GPLv2</li>
</ul>
<h3>Tools included in the fimap package</h3>
<h5>fimap – LFI and RFI exploitation tool</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="a5d7cacad1e5cec4c9cc">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# fimap -h<br>
fimap v.09 (For the Swarm)<br>
:: Automatic LFI/RFI scanner and exploiter<br>
:: by Iman Karim (<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="f2949b9f9382dc969784b2959f939b9edc919d9f">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>)<br>
<br>
Usage: ./fimap.py [options]<br>
## Operating Modes:<br>
   -s , --single                 Mode to scan a single URL for FI errors.<br>
                                 Needs URL (-u). This mode is the default.<br>
   -m , --mass                   Mode for mass scanning. Will check every URL<br>
                                 from a given list (-l) for FI errors.<br>
   -g , --google                 Mode to use Google to aquire URLs.<br>
                                 Needs a query (-q) as google search query.<br>
   -H , --harvest                Mode to harvest a URL recursivly for new URLs.<br>
                                 Needs a root url (-u) to start crawling there.<br>
                                 Also needs (-w) to write a URL list for mass mode.<br>
   -4 , --autoawesome            With the AutoAwesome mode fimap will fetch all<br>
                                 forms and headers found on the site you defined<br>
                                 and tries to find file inclusion bugs thru them. Needs an<br>
                                 URL (-u).<br>
## Techniques:<br>
   -b , --enable-blind           Enables blind FI-Bug testing when no error messages are printed.<br>
                                 Note that this mode will cause lots of requests compared to the<br>
                                 default method. Can be used with -s, -m or -g.<br>
   -D , --dot-truncation         Enables dot truncation technique to get rid of the suffix if<br>
                                 the default mode (nullbyte poison) failed. This mode can cause<br>
                                 tons of requests depending how you configure it.<br>
                                 By default this mode only tests windows servers.<br>
                                 Can be used with -s, -m or -g. Experimental.<br>
   -M , --multiply-term=X        Multiply terminal symbols like '.' and '/' in the path by X.<br>
## Variables:<br>
   -u , --url=URL                The URL you want to test.<br>
                                 Needed in single mode (-s).<br>
   -l , --list=LIST              The URL-LIST you want to test.<br>
                                 Needed in mass mode (-m).<br>
   -q , --query=QUERY            The Google Search QUERY.<br>
                                 Example: 'inurl:include.php'<br>
                                 Needed in Google Mode (-g)<br>
        --skip-pages=X           Skip the first X pages from the Googlescanner.<br>
   -p , --pages=COUNT            Define the COUNT of pages to search (-g).<br>
                                 Default is 10.<br>
        --results=COUNT          The count of results the Googlescanner should get per page.<br>
                                 Possible values: 10, 25, 50 or 100(default).<br>
        --googlesleep=TIME       The time in seconds the Googlescanner should wait befor each<br>
                                 request to google. fimap will count the time between two requests<br>
                                 and will sleep if it's needed to reach your cooldown. Default is 5.<br>
   -w , --write=LIST             The LIST which will be written if you have choosen<br>
                                 harvest mode (-H). This file will be opened in APPEND mode.<br>
   -d , --depth=CRAWLDEPTH       The CRAWLDEPTH (recurse level) you want to crawl your target site<br>
                                 in harvest mode (-H). Default is 1.<br>
   -P , --post=POSTDATA          The POSTDATA you want to send. All variables inside<br>
                                 will also be scanned for file inclusion bugs.<br>
        --cookie=COOKIES         Define the cookie which should be send with each request.<br>
                                 Also the cookies will be scanned for file inclusion bugs.<br>
                                 Concatenate multiple cookies with the ';' character.<br>
        --ttl=SECONDS            Define the TTL (in seconds) for requests. Default is 30 seconds.<br>
        --no-auto-detect         Use this switch if you don't want to let fimap automaticly detect<br>
                                 the target language in blind-mode. In that case you will get some<br>
                                 options you can choose if fimap isn't sure which lang it is.<br>
        --bmin=BLIND_MIN         Define here the minimum count of directories fimap should walk thru<br>
                                 in blind mode. The default number is defined in the generic.xml<br>
        --bmax=BLIND_MAX         Define here the maximum count of directories fimap should walk thru.<br>
        --dot-trunc-min=700      The count of dots to begin with in dot-truncation mode.<br>
        --dot-trunc-max=2000     The count of dots to end with in dot-truncation mode.<br>
        --dot-trunc-step=50      The step size for each round in dot-truncation mode.<br>
        --dot-trunc-ratio=0.095  The maximum ratio to detect if dot truncation was successfull.<br>
        --dot-trunc-also-unix    Use this if dot-truncation should also be tested on unix servers.<br>
        --force-os=OS            Forces fimap to test only files for the OS.<br>
                                 OS can be 'unix' or 'windows'<br>
## Attack Kit:<br>
   -x , --exploit                Starts an interactive session where you can<br>
                                 select a target and do some action.<br>
   -T , --tab-complete           Enables TAB-Completation in exploit mode. Needs readline module.<br>
                                 Use this if you want to be able to tab-complete thru remote<br>
                                 files\dirs. Eats an extra request for every 'cd' command.<br>
## Disguise Kit:<br>
   -A , --user-agent=UA          The User-Agent which should be sent.<br>
        --http-proxy=PROXY       Setup your proxy with this option. But read this facts:<br>
                                   * The googlescanner will ignore the proxy to get the URLs,<br>
                                     but the pentest\attack itself will go thru proxy.<br>
                                   * PROXY should be in format like this: 127.0.0.1:8080<br>
                                   * It's experimental<br>
        --show-my-ip             Shows your internet IP, current country and user-agent.<br>
                                 Useful if you want to test your vpn\proxy config.<br>
## Plugins:<br>
        --plugins                List all loaded plugins and quit after that.<br>
   -I , --install-plugins        Shows some official exploit-mode plugins you can install<br>
                                 and\or upgrade.<br>
## Other:<br>
        --update-def             Checks and updates your definition files found in the<br>
                                 config directory.<br>
        --test-rfi               A quick test to see if you have configured RFI nicely.<br>
        --merge-xml=XMLFILE      Use this if you have another fimap XMLFILE you want to<br>
                                 include to your own fimap_result.xml.<br>
   -C , --enable-color           Enables a colorful output. Works only in linux!<br>
        --force-run              Ignore the instance check and just run fimap even if a lockfile<br>
                                 exists. WARNING: This may erase your fimap_results.xml file!<br>
   -v , --verbose=LEVEL          Verbose level you want to receive.<br>
                                 LEVEL=3 -&gt; Debug<br>
                                 LEVEL=2 -&gt; Info(Default)<br>
                                 LEVEL=1 -&gt; Messages<br>
                                 LEVEL=0 -&gt; High-Level<br>
        --credits                Shows some credits.<br>
        --greetings              Some greetings ;)<br>
   -h , --help                   Shows this cruft.<br>
## Examples:<br>
  1. Scan a single URL for FI errors:<br>
        ./fimap.py -u 'http://localhost/test.php?file=bang&amp;id=23'<br>
  2. Scan a list of URLS for FI errors:<br>
        ./fimap.py -m -l '/tmp/urllist.txt'<br>
  3. Scan Google search results for FI errors:<br>
        ./fimap.py -g -q 'inurl:include.php'<br>
  4. Harvest all links of a webpage with recurse level of 3 and<br>
     write the URLs to /tmp/urllist<br>
        ./fimap.py -H -u 'http://localhost' -d 3 -w /tmp/urllist</code>
<h3>fimap Usage Example</h3>
<p>Scan the web application <b><i>(-u “http://192.168.1.202/index.php”)</i></b> for file inclusion issues:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="deacb1b1aa9eb5bfb2b7">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# fimap -u "http://192.168.1.202/index.php"<br>
fimap v.09 (For the Swarm)<br>
:: Automatic LFI/RFI scanner and exploiter<br>
:: by Iman Karim (<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="2147484c40510f45445761464c40484d0f424e4c">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>)<br>
<br>
SingleScan is testing URL: 'http://192.168.1.202/index.php'</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
